Fixes CVE-2014-4617: The do_uncompress function in g10/compress.c in
GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent
attackers to cause a denial of service (infinite loop) via malformed
compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes runtime issues when built with gcc 4.9
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: note that readline is optional, drop trailing Config.in line]
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to the documentation:
"Header: The file starts with a header. It contains the module name,
preferably in lowercase, enclosed between separators made of 80 hashes."
This patch makes the appropriate changes.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a new patch to use pkg-config to detect openssl.
[Peter: fix minor typos in description]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- switch to BackPan in order to prevent build breakage
(like http://autobuild.buildroot.net/results/358/358f531f2db90b9bc3b1e4e2158c68d2bf6587fc/)
- add license file
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2014-0244 (Denial of service - CPU loop)
CVE-2014-3493 (Denial of service - Server crash/memory corruption)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2014-0244 (Denial of service - CPU loop)
CVE-2014-3493 (Denial of service - Server crash/memory corruption)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
- Add libtool versioning to the linker flags again. This was accidentially
removed in 0.4.20 but should not cause any problems on platforms other
than OS X (Sebastian Dröge)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit d3ccfa362b (avahi: run as avahi user/group instead of default)
changed avahi-autoipd to run as the avahi user, but forgot to update the
init script/systemd config to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tarball no longer available in .gz format. From the release notes:
- Fix list corruption when splitting code memory chunks, causing crashes
when allocating a lot of code memory and trying to free it later
(Tim-Philipp Müller)
- Add some extra checks for the number of variables used in ORC code to
prevent overflows and crashes in the compiler (Vincent Penquerc'h)
- Various compiler warnings, coverity warnings and static code analysis
fixes (Sebastian Dröge)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This helper was called when none of the sources or license
files were saved.
Now we handle license files separately from the sources,
this is no longer the case: they are only called when the
sources are not saved.
Rename the handler and change the warning message accordingly.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As the legal-info infra only (rightfully) saves the tarballs of packages
that:
- we want to redistribute,
- and are not local,
- and are not overriden,
add a comment stating so.
This should clarify the code-block, which although trivial to read,
was not easy to interpret without thinking thouroughly about it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Even if we do not save the sources for local or overridden packages because
it is too complex, we can still quite easily save the license files.
Also, having the license files is a very important part of complying with
the licenses.
Move the copy of license files out of the non-local, non-overridden package
case, but still in the case where packages have a _SOURCE defined, to
avoid catching packages bundled in Buildroot (eg. mkpasswd et al.)
Reported-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, if a package is marked _REDISTRIBUTE = NO, then legal-info
will not try to extract it first.
If that package also declares some _LICENSE_FILES, legal-info fails
if it is the only action we're trying to run:
$ cat defconfig
BR2_arm=y
BR2_TOOLCHAIN_BUILDROOT_EGLIBC=y
BR2_PACKAGE_LIBFSLCODEC=y
$ make BR2_DEFCONFIG=$(pwd)/defconfig defconfig
$ make legal-info
[--SNIP--]
cat: /home/ymorin/dev/buildroot/O/build/libfslcodec-3.5.7-1.0.0/EULA: No such file or directory
Fix this by always having legal-info extract the archives if one or
more _LICENSE_FILES are specified.
We do this for all types of packages: overridden, local or 'normal'
remote packages. Even though we do not save the sources for the
overridden or local packages, we need to save their licensing info,
so we need to extract them.
This implies that we now need only PKG-source, not PKG-extract anymore,
as a dependency of legal-info for packages we want to save (ie.
redistributable, non-local and non-overriden packages.)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: slightly reformat the Config.in help text. Add the 'LICENSE'
file to GEOIP_LICENSE_FILES.]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: as noted by Arnout, remove trailing whitespace, and fix the
license to Artistic-2.0. Also, adjust the indentation in
package/Config.in to the new standard.]
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To be able to check the "dot" command availability in
"<pkg>-graph-depends" move the check to the "graph-depends-requirements" rule.
Also don't use a subshell for the exit command to be sure that the error
will be returned by the shell.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: rename existing patch and the one added by Arnout to follow
the patch naming convention.]
Cc: Marco Trapanese <marcotrapanese@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Make it accept uclinux in the tuple as linux. Fixes:
http://autobuild.buildroot.net/results/07f/07f2a560d9915ff7bad830be11f95aa856ce0e73/
Upstream seems dead with the last commit in svn being 5+ years ago and
with some recent patches in the mailing list just sitting there.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
After the bump to dhcpcd 6.4.0, building dhcpcd with ccache fails at the
configure step:
Using compiler .. <buildroot>/output/host/usr/bin/ccache <buildroot>/output/host/usr/bin/i686-pc-linux-gnu-gcc
<buildroot>/output/host/usr/bin/ccache <buildroot>/output/host/usr/bin/i686-pc-linux-gnu-gcc is not an executable
make: *** [<buildroot>/output/build/dhcpcd-6.4.0/.stamp_configured] Error 1
This patch backports an upstream patch to fix this issue.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in
the certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is embedded
in an internationalized domain name's U-label, which might allow
man-in-the-middle attackers to spoof SSL servers via a crafted
certificate.
CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4,
as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,
Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does
not properly restrict public values in Diffie-Hellman key exchanges,
which makes it easier for remote attackers to bypass cryptographic
protection mechanisms in ticket handling by leveraging use of a certain
value.
CVE-2014-1490 - Race condition in libssl in Mozilla Network Security
Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0,
Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before
2.24, and other products, allows remote attackers to cause a denial of
service (use-after-free) or possibly have unspecified other impact via
vectors involving a resumption handshake that triggers incorrect
replacement of a session ticket.
CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl
in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS
False Start feature is enabled, allows man-in-the-middle attackers to
spoof SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-1545 - Mozilla Netscape Portable Runtime (NSPR) before
4.10.6 allows remote attackers to execute arbitrary code or cause a
denial of service (out-of-bounds write) via vectors involving the
sprintf and console functions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It's there for some historical reason and breaks libpcap with dbus
support for static linkage scenarios (like the one used by tcpreplay).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All of the new toolchain requirements (ipv6, threads, rpc) aren't
actually new - this package failed to build for ages, it just wasn't
picked up by the autobuilders because the main Makefile just doesn't
care about bailing out properly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: check for avahi-daemon, not just the base avahi package]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump knock to version 0.7 and switch away from a git snapshot, it's
nicer and avoids the need to autoreconf.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream removed support for libxml2 as xml backend, select expat
unconditionally.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Unfortunately the gitorious page/wiki says nothing useful so use the
elinux.org page for now.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove ADI toolchain 2012R1 package kludges since that version is gone
since the last bump.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-1684: The ASF_ReadObject_file_properties function in
modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media
Player before 2.1.3 allows remote attackers to cause a denial of service
(divide-by-zero error and crash) via a zero minimum and maximum data
packet size in an ASF file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also make the menu entry less melodramatic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently we configure uClibc to use kernel headers from "staging" folder with
KERNEL_HEADERS="$(STAGING_DIR)/usr/include". This path is added to include
search path of uClibc build system in Rules.mak "CFLAGS += -I$(KERNEL_HEADERS)".
At the same time on uClibc installation to "staging" we point to the same
location "$(STAGING_DIR)/usr" (headers effectively go in "usr/include").
So after every installation to "staging" dependences get touched (even though we
copy the same headers every time) and so we may see lots of sources in uClibc
get rebuilt.
This has 2 consequences:
1. Longer build time - becase even on ordinary buildroot build uClibc is built
twice. On "uclibc building" and on "uclibc installation to target".
2. Symbols in libuClibc built initially (that is later installed in
"staging/sysroot") are situated with different offset compared to second build
(later copied in "target"). This happens because as described above only part
of sources get rebuilt and then on final linkage object files are linked in
different order.
And (2) leads to problems on remote rebugging: gdbserver reports offsets that
correspond to pointless assembly in libuClibc on host.
Here's how it looks like.
Before this patch:
$ cd ~/br2_output/i586/target/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000c42c 54 FUNC GLOBAL DEFAULT 7 kill
$ cd ~/br2_output/i586/staging/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
After this patch:
$ cd ~/br2_output/i586/target/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
$ cd ~/br2_output/i586/staging/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Noam Camus <noamc@ezchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The fltk buildsystem no longer tries to strip binaries during installation,
so these can be dropped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For example, if your project is known to require more space than the
default max cache size, then you might want to increase the cache size
to a suitable amount using the -M (--max-size) option.
The string you specify here is passed verbatim to ccache. Refer to
ccache documentation for more details.
These initial settings are applied after ccache has been compiled.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Tested-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 433290761f changed the hard-coded
ccache directory location to use BR_CACHE_DIR (then BUILDROOT_CACHE_DIR),
which is exported by Makefile based on the BR2_CCACHE_DIR config option.
This allowed the cache location to be changed on-the-fly by setting a
"make" command line variable, but left the default location of ccache's
normal default at "$HOME/.ccache". Since this location does not match the
default for BR2_CCACHE_DIR, it is basically almost never correct, so
direct invocation of ccache outside of the buildroot Makefile, such as for
increasing the cache size, becomes cumbersome.
This patch changes the last-ditch cache location from "$HOME/.ccache" to
the BR_CCACHE_DIR value defined when host-ccache is configured. Note that
the ability to later override the cache location by using a BR_CACHE_DIR
command line variable is left intact.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Tested-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove the specific check that was done in dependencies.sh to use the
generic one that were introduced by the previous patch.
Also, introduce, BR2_NEEDS_HOST_JAVAC and BR2_NEEDS_HOST_JAR as it is
needed by classpath.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sources of the mkpasswd package are shipped with Buildroot, rather than
downloaded from an external location. As a result, no explicit version is
defined, causing build messages and build directory to show 'undefined' as
version.
This patch sets the version for mkpasswd to 'buildroot-$(BR2_VERSION), which
would for example expand to 'buildroot-2014.05'.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sources of the makedevs package are shipped with Buildroot, rather than
downloaded from an external location. As a result, no explicit version is
defined, causing build messages and build directory to show 'undefined' as
version.
This patch sets the version for makedevs to 'buildroot-$(BR2_VERSION), which
would for example expand to 'buildroot-2014.05'.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As mentioned in the e-mail accompanying the introduction of the pkg-virtual
infrastructure [1], the definition of FOO_VERSION is 'strange'.
After the cleanup of single/double dollar signs in inner-generic-package,
the special construction in pkg-virtual is no longer needed and can be
simplified.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[1] http://lists.busybox.net/pipermail/buildroot/2014-April/093670.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As the rules with respect to variable and function references and the need
for single or double dollar signs are not trivial, add a comment in
pkg-generic.mk describing them.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The inner-xxx-targets in the buildroot package infrastructures are
evaluated using $(eval) which causes variable references to be a bit
different than in regular make code. As we want most references to be
expanded only at the time of the $(eval) we should not use standard
references $(VAR) but rather use double dollar signs $$(VAR). This includes
function references like $(call), $(subst), etc. The only exception is the
reference to pkgdir/pkgname and numbered variables, which are parameters to
the inner block: $(1), $(2), etc.
This patch introduces consistent usage of double-dollar signs throughout the
different inner-xxx-targets blocks.
In some cases, this would potentially cause circular references, in
particular when the value of HOST_FOO_VAR would be obtained from the
corresponding FOO_VAR if HOST_FOO_VAR is not defined. In these cases, a test
is added to check for a host package (the only case where such constructions
are relevant; these are not circular).
Benefits of these changes are:
- behavior of variables is now again as expected. For example, setting
$(2)_VERSION = virtual in pkg-virtual.mk will effectively work, while
originally it would cause very odd results.
- The output of 'make printvars' is now much more useful. This target shows
the value of all variables, and the expression that led to that value.
However, if the expression was coming from an inner-xxx-targets block, and
was using single dollar signs, it would show in printvars as
VAR = value (value)
while if double dollar signs are used, it would effectively look like
VAR = value (actual expression)
as is intended.
This improvement is for example effective for FOO_DL_VERSION, FOO_RAWNAME,
FOO_SITE_METHOD and FOO_MAKE.
The correctness of this patch has been verified using 'make printvars',
'make manual' and 'make legal-info' before and after applying this patch,
and comparing the output.
Insight-provided-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The libdrm has a bunch of useful test programs. Add an option to pass
the configure option to install them.
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add and enable a systemd unit file to bring up or down network with ifup /
ifdown, analogous to the skeleton/etc/init.d/S40network init script.
Signed-off-by: Ivan Sergeev <vsergeev@kumunetworks.com>
[eric.le.bihan.dev@free.fr:
- rebase
- install service only if systemd-networkd is not selected]
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-4020 (The frame metadissector could crash).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The old ncurses trick is no longer needed for this version, in fact it's
harmful. Switch to proper configure options.
Also disable rpath hackery since it's not required and could be
problematic. Fixes:
http://autobuild.buildroot.net/results/411/411f6171e972eab4486143dedbfd078136886ab0/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the switch to 4.8.x as default, the qemu-sparc target is broken.
For a gcc bug report see here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60624
Switch back to gcc 4.7.x as default for sparc.
Disable 4.8/4.9 as suggested by Thomas Petazzoni.
I even disabled gcc snapshot, it works right now, because
it is an old 4.8.0 snapshot by default, but as soon as this is updated
sparc build will break.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Kernel headers version 3.8.x has been deprecated since 2013.08 and thus can
be removed in 2014.08.
An automatic selection of 3.9.x headers is performed in the legacy menu.
Existing automatic selections of 3.8.x headers are modified to select
3.9.x.
As this patch removes the last occurrence of BR2_DEPRECATED_SINCE_2013_08,
the symbol is removed too.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of security issues and adds support for PUT/DELETE. From the
release mail:
<snip>
Stephen Röttger reported a number of security bugs, the most serious of
which is a potential heap overflow in sliding_buffer.c (file uploads).
There is a potential for remote code execution.
At the same time, I've made an *experimental* change to allow RESTful
API's possible:
* PUT and DELETE methods are handled by the POST and GET handlers.
* For mostly historical reasons, data on the URI is still called
GET.<var>, and data in the body is named POST.<var>
* If the Content-Type is not "application/x-www-form-urlencoded", Haserl
won't try to urldecode the POST contents - it will just put the body in
POST.body verbatim.
</snip>
The lua handling now uses pkg-config, so adjust the code to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even when compiled with --enable-static --disable-shared, util-linux
creates some incorrect libuuid.so, libblkid.so and libmount.so
symbolic links, which confuses the compiler which thinks that a shared
library is available. This causes some build issues such as:
http://autobuild.buildroot.org/results/990/9909d198ce14969d0e9d29a34fcc33f0ef79220d/
This commit fixes that by adding a patch to util-linux that fixes this
issue. The patch has been submitted upstream at
http://article.gmane.org/gmane.linux.utilities.util-linux-ng/9262.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NM provides a newt based UI. One can create, modify and delete NM
connections via this interface.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch fixes compilation error and is already upstreamed.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: use http url as wget complains about certificate]
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch provides service files for using psplash on embedded devices
running systemd:
- psplash-start.service: start psplash.
- psplash-quit.service: kill psplash when reaching multi-user.target
The following kernel command line options should also be set:
systemd.show_status=0 quiet splash
The option "systemd.show_status=0" is required, because, unlike Plymouth,
psplash does not have real systemd integration, i.e. it will not perform:
kill(1, SIGRTMIN + 21);
Note that no progress messages will be printed on the splash screen.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch installs a copy of libgcrypt.m4 from the libgcrypt source tarball
to systemd m4 directory.
Libgcrypt uses a custom m4 macro and not pkg-config to check if the
development files are available. Though libgcrypt support is optional in
systemd, this macro should be available whenever autoreconf is used,
otherwise the re-configuration will fail with:
configure.ac:616: warning: macro 'AM_PATH_LIBGCRYPT' not found in library
The call to autoreconf is required, as it is needed by the patch which
solves the `ln --relative` issue.
As asking the user to install the development package of libgcrypt on
the host machine or adding libgcrypt as a build dependency to systemd is
not acceptable, the required file is added to the m4 directory.
Fixes: http://autobuild.buildroot.net/results/1524d346fa17749e2ae62e063b9cfdd0de95c76a/
Fixes: http://autobuild.buildroot.net/results/10bcd92437eaa27eb61f8281c93efcb53d555e35/
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A tag has been created, so we should uses it.
This bump of version integrates the patch we had so there is no need for
it anymore.
Also, with this tag, faifa changed it's license to BSD-3c.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes http://autobuild.buildroot.net/results/77e/77e4123a3ddc934efedf4b09adc2436421ee70b3/
liblua only uses libdl when dynamic linking is used, and certain toolchains
(E.G. bfin) doesn't provide a libdl - So only link against it if it is
needed.
At the same time change it pass the library in LIBS instead of LDFLAGS so it
ends up at the end of the linker cmdline.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Packages shouldn't strip executables by themselves, so that Buildroot
controls whether stripping should occur or not. This also fixes the
build on Blackfin FLAT where stripping actually doesn't work because
stripping FLAT binaries is not supported.
Fixes:
http://autobuild.buildroot.org/results/7d4/7d4e59c96928a06db5091235bf2eacf462ba8a21/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This makes sure that a patch adding a package shows in which menu the
package is added.
Before this commit, the patch has something like this:
> diff --git a/package/Config.in b/package/Config.in
> index 7800f23..433312e 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -864,6 +864,7 @@ source "package/googlefontdirectory/Config.in"
> source "package/haveged/Config.in"
> source "package/mcrypt/Config.in"
> source "package/mobile-broadband-provider-info/Config.in"
> +source "package/mypackage/Config.in"
> source "package/shared-mime-info/Config.in"
> source "package/snowball-init/Config.in"
> source "package/sound-theme-borealis/Config.in"
[> added to avoid git-am recognizing this as the patch]
After this commit, the function marker shows in which menu the new
package was added:
> diff --git a/package/Config.in b/package/Config.in
> index b1111c8..7e6e1a4 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -864,6 +864,7 @@ menu "Miscellaneous"
> source "package/haveged/Config.in"
> source "package/mcrypt/Config.in"
> source "package/mobile-broadband-provider-info/Config.in"
> + source "package/mypackage/Config.in"
> source "package/shared-mime-info/Config.in"
> source "package/snowball-init/Config.in"
> source "package/sound-theme-borealis/Config.in"
To keep things consistent, this is done for Config.in.host there, even
though we don't have sub-menus there at the moment.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
supervisor has a runtime dependency on python-setuptools which was not
expressed in its Config.in file. When running supervisor without setuptools,
one gets:
Starting supervisord: Traceback (most recent call last):
File "/usr/bin/supervisord", line 5, in <module>
from pkg_resources import load_entry_point
ImportError: No module named pkg_resources
Partially fixes bug #7184 (https://bugs.busybox.net/show_bug.cgi?id=7184)
Reported-by: Sebastian Himberger <sebastian@himberger.de>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
